U.S. Senators Say ID.me Deceived Customers, Calls for FTC Investigation

Person holding a phone and scanning her face

Four U.S. senators have written a letter to Federal Trade Commission (FTC) urging it to investigate what it claims to be deceptive statements made by ID.me. The senators said that the company, which provides identity verification services, misled the public on the type of facial recognition technology it uses.

Previously, the company published a number of public blog posts and white papers where it claimed it did not use “one-to-many” facial recognition. However, earlier this year ID.me’s CEO revealed that this was untrue.

Since several U.S. state and federal agencies are also ID.me customers, legislators said the FTC should investigate the company’s statements and determine if they were unlawful.

What is ID.me?

ID.me is an American company that provides identity verification services to its customers. These tools can be very useful, especially for government agencies that provide essential services. It allows users to prove their identity in a speedy manner, which consequently grants them access to these services.

In fact, last year the IRS announced it had entered into an agreement with ID.me for taxpayer identification. However, this decision was met with significant criticism from lawmakers and the public. Eventually, the IRS said it would not go ahead with its plans to use ID.me’s facial recognition tools.

ID.me Accused of Misleading the Public With False Statements

ID.me finds itself in the spotlight once again, this time for allegedly misleading the public on its facial recognition tech. Four U.S. senators, namely Ron Wyden, Edward J. Markey, Alex Padilla, and Corey A. Booker wrote to FTC Chairperson Lina Khan asking for the agency to investigate ID.me’s public statements.

The company has said, at least since June 2021, that it uses “one-to-one” facial recognition, and not “one-to-many” facial recognition. One-to-one facial recognition involves comparing one photo with a single other photo to determine a person’s identity. It is a one-time comparison of two images. Whereas in one-to-many, one photo is compared against a database of photographs to find a match.

In January 2022, ID.me CEO Blake Hall maintained that the company did not use one-to-many facial recognition. However, just two days later, Hall admitted in a LinkedIn post that the company does in fact use one-to-many facial recognition. According to the senators’ letter, ID.me moved quickly to amend its previously published blog posts and white papers to reflect this revelation.

One-to-Many Facial Recognition Concerns

There is significant controversy surrounding one-to-many facial recognition. The first has to do with the storage itself, as it requires having pictures of millions of people on a database at all times. Such a database raises significant privacy concerns.

Secondly, one-to-many facial recognition systems have a higher probability of returning a false positive. In fact, a 2019 study conducted by the NIST showed that false matches are as much as 100 times higher for people from West Africa, East Africa, and East Asia, when compared to people from Eastern European countries.

Therefore, these systems carry an inherent bias and could lead to a disproportionate denial of services.

Senators Flag Issues With ID.me’s Statements

In their letter, the Senators point out two ways in which ID.me’s actions are harmful. First, they did not tell customers that their sensitive biometric data would be stored in a database. Nor did they state that it would be used for facial recognition every time a new user joined. Second, it may have influenced the government officials’ decision when choosing an identity verification partner.

The Senators have requested the FTC look into the company’s public statements, and determine whether they partook in “deceptive and unfair business practices” under Section 5 of the FTC Act.

Negative Public Perception of Facial Recognition Technology

The last few years have not been kind to companies working on facial recognition technology. Both IBM and Meta announced that they would shut down certain parts of their work on the software. Meta is also facing a lawsuit in Texas for violating the state’s consumer protection law through its facial recognition tool.

Lawmakers outside the U.S. also share the same sentiment towards the technology as well, with the EU taking a strong position against the use of facial recognition technology by law enforcement within the bloc. The latest incident with ID.me is bound to add to the negative public perception surrounding the technology.

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.